Don’t miss the Linux Security Summit, be sure to register now! 
Back To Schedule
Thursday, August 25 • 15:45 - 16:30
Minijail: Running Untrusted Programs Safely - Jorge Lucangeli Obes, Google

Sign up or log in to save this to your schedule, view media, leave feedback and see who's attending!

The Linux kernel provides several sandboxing, containment and privilege-dropping features. Many of these features provide the same functionality, while others compose nicely to create de-privileged running environments for executing untrusted code.

In this talk we’ll describe Minijail, a sandboxing and containment tool initially developed for Chrome OS and now used across Google, including client platforms (like Android) and server environments (like Chrome’s fuzzing infrastructure ClusterFuzz). Minijail is also used outside of Google to create sandboxed environments in coding competitions, build farms and everything in between.

Finally, we’ll describe how Minijail is used in Chrome OS to implement a containerized version of Android that allows Chrome OS devices to run Android applications natively.

avatar for Jorge Lucangeli Obes

Jorge Lucangeli Obes

Software Engineer, Google Inc.
Jorge is the platform security lead for Brillo, Google's Android-based operating system for Internet-connected devices. Before working on Brillo and Android, Jorge worked on Chrome OS security. He has presented on Chrome OS security at Ekoparty, IATP Secure By Default (organized by... Read More →

Thursday August 25, 2016 15:45 - 16:30 EDT
Harbour C